Further claims about data selling

An online prescription service, educational institutions and even a Government department are among those to become embroiled in the latest claims about the sale of confidential data.

Information on parents has been bought up by state academies, higher education colleges and universities, while dentists have bought data to target new patients, the Daily Mail claimed.

The Information Commissioner’s Office (ICO) has already launched an investigation into claims made earlier this week by the newspaper that firms are sharing sensitive personal data such as pension details and medical records.

Today’s claims include one on a mail order pharmacy service, which caters for those including the elderly and housebound and provides an NHS repeat prescription service, which is reported to have sold patient data to a marketing firm.

The Department for Business Innovation & Skills reportedly commissioned a company to send emails in a scheme to help small business, with the paper claiming that the firm obtained the email addresses through the use of call centres.

The paper also claims a data firm passed the details of more than 3,000 people who had applied for loans to undercover reporters. Those the paper contacted said they had been cold-called and sent spam text messages.

Earlier this week the newspaper reported the names of thousands of sick and disabled people were sold to undercover reporters for 19p each.

No checks were made on who the reporters – posing as a cold-calling outfit – really were, it said.

The revelations about an alleged trade in medical records follow the Mail’s claims that pensioners’ salaries, the value of their investments and the size of their pensions are being sold for as little as 5p without their consent.

The financial details are allegedly being bought by fraudsters and cold-calling firms.

Dave Clancy, the ICO’s anti-spam investigation team manager, said investigating cold-calling firms was an “increasingly difficult job” because of offshore operations and tactics such as spoof numbers.

But he said the organisation would use its “best endeavours”, and recent prosecutions showed it had the ability to bring those acting illegally to justice.

“The ICO will look at these allegations and our knowledge of the industry and consider if these practices are in breach of regulations,” Mr Clancy said.

The ICO can issue fines of up to £500,000 for the most serious breaches of the Data Protection Act, while it can also pursue criminal prosecutions for unlawfully obtaining or accessing personal data.

It is now looking to establish whether there have been any breaches of the Data Protection Act or Privacy and Electronic Communications Regulations.